chore: add zap scan to tests

bcgov · Jan 31, 2025 · ebf59dd · ebf59dd
1 parent 532d181
commit ebf59dd
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/.github/workflows/.tests.yml b/.github/workflows/.tests.yml
@@ -20,6 +20,31 @@ env:
   PREFIX: ${{ github.event.repository.name }}-${{ inputs.target }}
 
 jobs:
+  # Run sequentially to reduce chances of rate limiting
+  zap_scan:
+    runs-on: ubuntu-latest
+    name: ZAP Scans
+    env:
+      DOMAIN: apps.silver.devops.gov.bc.ca
+      PREFIX: ${{ github.event.repository.name }}-${{ inputs.target }}
+    steps:
+      - name: ZAP Scan
+        uses: zaproxy/[email protected]
+        with:
+          allow_issue_writing: true
+          artifact_name: "zap_backend"
+          cmd_options: "-a"
+          issue_title: "ZAP: Backend"
+          target: https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/api
+
+      - name: ZAP Scan - Frontend
+        uses: zaproxy/[email protected]
+        with:
+          allow_issue_writing: true
+          artifact_name: "zap_frontend"
+          cmd_options: "-a"
+          issue_title: "ZAP: Frontend"
+          target: https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}
   cypress-tests:
     env:
       DOMAIN: apps.silver.devops.gov.bc.ca